Lucene search
Veracode Vulnerability DatabaseVERACODE:36611HistoryAug 05, 2022 - 9:01 a.m.
Cross-site Scripting (XSS)
2022-08-0509:01:08
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
14
0.001 Low
EPSS
Percentile
34.9%
raneto is vulnerable to cross-site scripting. The vulnerability exists in route_page_edit function in page.edit.route.js due to improper html escaping on submit of page edit which allows an attacker to inject and execute malicious javascript.
References
http:
raneto.com/
cwe.mitre.org/data/definitions/79.html
gainsec.com/2022/08/04/cve-2022-35142-cve-2022-35143-cve-2022-35144/
github.com/advisories/GHSA-vc68-6x72-w22f
github.com/gilbitron/Raneto/commit/80c5d798a823c6396b160c890d55bbb29f39653a
github.com/gilbitron/Raneto/pull/370
github.com/gilbitron/Raneto/releases
Related
prion
prion
Cross site scripting
2022-08-04 20:15:00
nvd
nvd
CVE-2022-35144
2022-08-04 20:15:19
cve
cve
CVE-2022-35144
2022-08-04 20:15:19
github
github
Raneto vulnerable to Cross-site Scripting
2022-08-05 00:00:23
cvelist
cvelist
CVE-2022-35144
2022-08-04 19:36:56
osv
osv
Raneto v0.17.0 employs weak password complexity requirements
2022-08-05 00:00:23
Raneto vulnerable to Cross-site Scripting
2022-08-05 00:00:23